British Airways, which once liked to describe itself as “The World’s Favourite Airline”, is about to become a whole lot less popular with hundreds of thousands of its customers.

The airline has announced that hackers have stolen customers’ personal and payment card information from its website:

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.

Details are currently sparse, although BA spokespeople appear to have confirmed to the media that some 380,000 card payments were compromised in the breach of its website.

BA says that it has now resolved the vulnerability, and that it is safe for passengers to check-in online, and book flights online. Customers are being advised to contact their banks for further advice.

It continues to investigate the incident, and one imagines will be publishing more details about the serious security breach as it becomes available.

Quite frankly, with GDPR now in force, it won’t just be affected customers who are watching with interest how this incident plays out.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.